$ cat foo.rr2

#!/usr/bin/rarun2

program=./pp400

arg0=10

stdin=foo.txt

chdir=/tmp

#chroot=.

./foo.rr2

$ nc -l 9999

$ rarun2 program=/bin/ls connect=localhost:9999

1 - open a new terminal and type 'tty' to get a terminal name:

$ tty ; clear ; sleep 999999

/dev/ttyS010

2 - Create a new file containing the following rarun2 profile named foo.rr2:

#!/usr/bin/rarun2

program=/bin/ls

stdio=/dev/ttys010

3 - Launch the following radare2 command:

r2 -r foo.rr2 -d /bin/ls

A minimalistic mathematical expression evaluator for the shell that is useful for making base conversions between floating point values, hexadecimal representations, hexpair strings to ASCII, octal to integer, and more. It also supports endianness settings and can be used as an interactive shell if no arguments are given.

$ rax2 1337

0x539

$ rax2 0x400000

4194304

$ rax2 -b 01111001

y

$ rax2 -S radare2

72616461726532

$ rax2 -s 617765736f6d65

awesome

You can get radare from the GitHub repository: https://github.com/radareorg/radare2

Binary packages are available for a number of operating systems (Ubuntu, Maemo, Gentoo, Windows, iPhone, and so on). But you are highly encouraged to get the source and compile it yourself to better understand the dependencies, to make examples more accessible and, of course, to have the most recent version.

A new stable release is typically published every month.

The radare development repository is often more stable than the 'stable' releases. To obtain the latest version:

$ git clone https://github.com/radareorg/radare2.git

This will probably take a while, so take a coffee break and continue reading this book.

To update your local copy of the repository, use git pull anywhere in the radare2 source code tree:

$ git pull

If you have local modifications of the source, you can revert them (and lose them!) with:

$ git reset --hard HEAD

Or send us a patch:

$ git diff > radare-foo.patch

The most common way to get r2 updated and installed system wide is by using:

$ sys/install.sh

There is also a work-in-progress support for Meson.

Using clang and ld.gold makes the build faster:

CC=clang LDFLAGS=-fuse-ld=gold meson . release --buildtype=release --prefix ~/.local/stow/radare2/release

ninja -C release

# ninja -C release install

Take a look at the scripts in sys/, they are used to automate stuff related to syncing, building and installing r2 and its bindings.

The most important one is sys/install.sh. It will pull, clean, build and symstall r2 system wide.

Symstalling is the process of installing all the programs, libraries, documentation and data files using symlinks instead of copying the files.

By default it will be installed in /usr/local, but you can specify a different prefix using the argument --prefix.

This is useful for developers, because it permits them to just run 'make' and try changes without having to run make install again.

Cleaning up the source tree is important to avoid problems like linking to old objects files or not updating objects after an ABI change.

The following commands may help you to get your git clone up to date:

$ git clean -xdf

$ git reset --hard @~10

$ git pull

If you want to remove previous installations from your system, you must run the following commands:

$ ./configure --prefix=/usr/local

$ make purge

Currently the core of radare2 can be compiled on many systems and architectures, but the main development is done on GNU/Linux with GCC, and on MacOS X with clang. Radare is also known to compile on many different systems and architectures (including TCC and SunStudio).

People often want to use radare as a debugger for reverse engineering. Currently, the debugger layer can be used on Windows, GNU/Linux (Intel x86 and x86_64, MIPS, and ARM), OS X, FreeBSD, NetBSD, and OpenBSD (Intel x86 and x86_64)..

Compared to core, the debugger feature is more restrictive portability-wise. If the debugger has not been ported to your favorite platform, you can disable the debugger layer with the --without-debugger configure script option when compiling radare2.

Note that there are I/O plugins that use GDB, WinDbg, or Wine as back-ends, and therefore rely on presence of corresponding third-party tools (in case of remote debugging - just on the target machine).

To build on a system using acr and GNU Make (e.g. on *BSD systems):

$ ./configure --prefix=/usr

$ gmake

$ sudo gmake install

There is also a simple script to do this automatically:

$ sys/install.sh

You can build radare2 statically along with all other tools with the command:

$ sys/static.sh

You can use meson + ninja to build:

$ sys/meson.py --prefix=/usr --shared --install

If you want to build locally:

$ sys/meson.py --prefix=/home/$USER/r2meson --local --shared --install

Radare2 repository ships a Dockerfile that you can use with Docker.

This dockerfile is also used by Remnux distribution from SANS, and is available on the docker registryhub.

./configure --prefix=/old/r2/prefix/installation

make purge

Radare2 relies on the Meson build system generator to support compilation on all platforms, including Windows. Meson will generate a Visual Studio Solution, all the necessary project files, and wire up the Microsoft Visual C++ compiler for you.